??4CCommEx@@QAEAAV0@ABV0@@Z
Static task: static1
Behavioral task: behavioral1
  Sample: OMC.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: OMC.exe
  Resource: win10v2004-20230703-en
General
- Target: OMC.exe
- Size: 6.3MB
- MD5: afa800c22587d79d8802996659c48272
- SHA1: 76938a629069ac00bc0f8e56d005b6a73f1859ea
- SHA256: f6440568eda0919b7ae9ea50a10ede77cf2f17df80c5c0f41cf47258ca69e33f
- SHA512: 7727b587633460d01166161613baca0b5b694a77b3772c61ad431f25a559dcbc85bee3fdece2bc24ca0398962a4e4408b87c1c7b76dc91398fd25265f77fa05f
- SSDEEP: 98304:/9YiVVgb63qLR6OxHODd5ywXeCe+bhVceSoXZ3Z:/9YiVibM8R6OxHO3DYoX
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: OMC.exe
Files
-
OMC.exe.exe windows x86
15d69ef8d322bf426e60f800b7595fc4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
omc_comm
??1CCommEx@@QAE@XZ
??0CCommEx@@QAE@XZ
?COMM_ChangePasswd@CCommEx@@QAEKABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
shareMsgDebug
?GetClientKey@CCommEx@@QAEHXZ
?GetPassword@CCommEx@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?COMM_Login@CCommEx@@QAEKABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@00PAUHWND__@@III@Z
?COMM_SetSOPLog@CCommEx@@QAEKPAVCSOPLog@@@Z
?COMM_Logout@CCommEx@@QAEKXZ
?COMM_MMLRequest@CCommEx@@QAEKEEEEABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PAUHWND__@@IHPAVCWnd@@E@Z
sqlite3
sqlite3_column_blob
sqlite3_column_int
sqlite3_bind_blob
sqlite3_prepare_v2
sqlite3_open_v2
sqlite3_free
sqlite3_exec
sqlite3_column_text
sqlite3_step
sqlite3_finalize
sqlite3_errmsg
ws2_32
htonl
WSACleanup
closesocket
sendto
inet_addr
htons
socket
WSAGetLastError
WSAStartup
inet_ntoa
mfc110
ord8273
ord7621
ord9858
ord3577
ord12996
ord4102
ord7206
ord7446
ord9104
ord13043
ord3872
ord11879
ord11499
ord11952
ord14320
ord11859
ord2592
ord2569
ord11558
ord2595
ord4045
ord4111
ord4141
ord4183
ord4217
ord4187
ord3776
ord8145
ord12234
ord7980
ord8798
ord13721
ord3178
ord7234
ord962
ord1435
ord7457
ord6129
ord5689
ord11902
ord14312
ord8944
ord2593
ord2568
ord11559
ord2597
ord8799
ord3196
ord3301
ord4169
ord5073
ord13865
ord4171
ord3303
ord3198
ord8946
ord6680
ord1442
ord7459
ord4103
ord6372
ord13022
ord13520
ord12334
ord12354
ord12726
ord12640
ord12868
ord13050
ord13440
ord13853
ord8691
ord13850
ord12792
ord13861
ord12795
ord11158
ord6954
ord11177
ord6715
ord320
ord2340
ord3296
ord3176
ord6640
ord1394
ord7233
ord892
ord7249
ord5968
ord6688
ord7464
ord13397
ord5667
ord7721
ord1203
ord13128
ord5437
ord13228
ord508
ord4027
ord5174
ord7971
ord459
ord357
ord12417
ord12821
ord14100
ord1955
ord442
ord1093
ord5444
ord5435
ord3015
ord4514
ord7860
ord497
ord345
ord14409
ord1051
ord928
ord5426
ord12202
ord1521
ord14333
ord13013
ord13107
ord5037
ord6993
ord3887
ord14334
ord4978
ord12557
ord2404
ord7629
ord840
ord1526
ord3739
ord3625
ord4910
ord364
ord4024
ord7151
ord12328
ord979
ord1452
ord2200
ord2248
ord817
ord1343
ord5072
ord4736
ord2286
ord2334
ord13705
ord11418
ord11248
ord2506
ord4429
ord945
ord1419
ord14344
ord5737
ord3901
ord836
ord2558
ord7965
ord5508
ord567
ord1185
ord12131
ord8270
ord4009
ord13121
ord835
ord2479
ord4375
ord13702
ord13020
ord7969
ord3515
ord900
ord8694
ord4984
ord6589
ord12921
ord14189
ord8289
ord847
ord1363
ord12302
ord12660
ord7304
ord6339
ord5634
ord9788
ord14063
ord7474
ord12388
ord1956
ord3111
ord5177
ord8156
ord7911
ord3540
ord6975
ord3280
ord3115
ord8938
ord1153
ord4148
ord14064
ord12835
ord5664
ord4501
ord13395
ord6241
ord1641
ord7462
ord6799
ord6686
ord7012
ord12361
ord6787
ord5149
ord6189
ord7141
ord13918
ord6905
ord7306
ord7140
ord11703
ord12566
ord5519
ord4610
ord7859
ord6643
ord1448
ord5694
ord5691
ord12040
ord12038
ord4842
ord4862
ord4858
ord4854
ord4846
ord4889
ord4867
ord4896
ord3234
ord2384
ord12318
ord1519
ord306
ord5368
ord5367
ord6396
ord2153
ord5441
ord7985
ord1684
ord1166
ord492
ord11856
ord11916
ord7305
ord6343
ord5809
ord10807
ord8847
ord1342
ord816
ord259
ord3175
ord4780
ord14412
ord2189
ord3890
ord14340
ord2826
ord12128
ord11745
ord1133
ord499
ord7878
ord7873
ord1171
ord6433
ord5831
ord8940
ord4157
ord7260
ord301
ord1954
ord5686
ord13405
ord1439
ord969
ord3781
ord5700
ord6895
ord8033
ord3803
ord13019
ord6694
ord3122
ord8588
ord3731
ord3628
ord3738
ord1431
ord6669
ord3193
ord3300
ord4256
ord4807
ord5699
ord7881
ord539
ord6902
ord8532
ord3181
ord13687
ord13196
ord14357
ord6160
ord4026
ord1134
ord500
ord14112
ord4808
ord2470
ord2159
ord3865
ord6451
ord4159
ord8558
ord6804
ord503
ord6727
ord13684
ord1413
ord7215
ord1167
ord6429
ord3126
ord3282
ord6990
ord12411
ord5274
ord7852
ord4805
ord1059
ord361
ord8151
ord13700
ord1058
ord359
ord4809
ord1415
ord9272
ord12816
ord6714
ord11688
ord13675
ord6657
ord3183
ord7269
ord7933
ord839
ord12345
ord7934
ord11953
ord6375
ord7311
ord3750
ord457
ord8585
ord8191
ord1646
ord1177
ord554
ord7631
ord13296
ord9182
ord13797
ord14242
ord13403
ord6403
ord3630
ord3637
ord6370
ord3102
ord6334
ord8934
ord3085
ord4151
ord6672
ord8943
ord3195
ord4168
ord2333
ord2869
ord14155
ord14149
ord4579
ord12801
ord1096
ord1434
ord12336
ord3767
ord6145
ord9271
ord13018
ord2827
ord5438
ord4664
ord2840
ord12206
ord11755
ord1437
ord967
ord1057
ord6856
ord13680
ord1451
ord1162
ord13704
ord1170
ord6432
ord8939
ord3129
ord4156
ord8557
ord2934
ord3808
ord14307
ord2697
ord1438
ord968
ord6108
ord4977
ord1683
ord1687
ord12538
ord4594
ord4595
ord4672
ord12658
ord14143
ord12695
ord8166
ord7598
ord9846
ord9845
ord10939
ord8819
ord10915
ord9332
ord11530
ord8721
ord8729
ord10910
ord9330
ord9789
ord9785
ord9318
ord9328
ord9313
ord11069
ord11066
ord8112
ord6065
ord13500
ord11869
ord11957
ord4892
ord4893
ord4894
ord4895
ord6709
ord2624
ord4519
ord13651
ord2244
ord2149
ord2215
ord7808
ord1459
ord987
ord7470
ord14025
ord14012
ord13713
ord4105
ord14107
ord14114
ord5543
ord5610
msvcr110
isalpha
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
strchr
realloc
strstr
_purecall
toupper
ceil
_atoi64
strtoul
_mbscmp
ldiv
_ismbcdigit
rand
_itoa
_mbsstr
_CxxThrowException
_vsnwprintf_s
_setmbcp
_splitpath
strftime
malloc
memmove_s
strtol
_libm_sse2_asin_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
atol
free
atof
_mktime64
_localtime64_s
_time64
_mkdir
atoi
memcpy_s
memmove
floor
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_CRT_RTC_INITW
_commode
_fmode
_acmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
fopen
fprintf
_filelengthi64
_filelength
fwrite
fread
ferror
fseek
fclose
towupper
towlower
isalnum
srand
strcat
_fileno
strrchr
tolower
strncpy
_strnicmp
strncmp
strcmp
strcpy
memset
sscanf
_localtime64
_tzset
memcpy
strlen
memcmp
_stricmp
__CxxFrameHandler3
calloc
div
_wcsicmp
vsprintf
_mbsnbcpy
printf
_access
sprintf
kernel32
GetCurrentDirectoryA
SystemTimeToFileTime
GetPrivateProfileIntA
lstrcpynA
GetFileAttributesA
WriteFile
GetFileSize
GlobalSize
GetVersionExA
GetCurrentThreadId
InterlockedDecrement
GlobalReAlloc
GetModuleHandleA
GetACP
GetOEMCP
LocalFileTimeToFileTime
SetEvent
GlobalAlloc
GlobalFree
MulDiv
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrcatA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
ResetEvent
GetLocalTime
SetFileTime
WideCharToMultiByte
GetProcAddress
GetSystemTime
SetFileAttributesA
CreateDirectoryA
WaitForSingleObject
CreateEventA
lstrlenA
lstrcpyA
MultiByteToWideChar
LocalFree
LoadLibraryExA
ExpandEnvironmentStringsA
GetSystemDirectoryW
FindNextFileA
InterlockedIncrement
CloseHandle
ReadFile
SetFilePointer
CreateFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
Sleep
GetModuleFileNameA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
MoveFileA
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
LoadLibraryW
LoadLibraryExW
RaiseException
GetComputerNameW
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
CreateThread
CreateFileW
GetFileTime
InitializeCriticalSection
SetFileAttributesW
GetFileAttributesW
DeleteFileW
GetModuleFileNameW
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameA
GetFullPathNameW
FormatMessageA
DeleteFileA
user32
GetDC
ReleaseDC
GetWindowRect
KillTimer
SetTimer
MessageBeep
PostMessageA
MessageBoxA
RedrawWindow
RegisterWindowMessageA
GetClientRect
SetScrollPos
IsWindowVisible
GetScrollPos
PtInRect
ScreenToClient
CallWindowProcA
GetParent
GetWindowLongA
GetSysColor
MessageBoxW
LoadCursorA
InvalidateRect
IsWindow
DrawTextA
SendMessageA
ShowScrollBar
GetDCEx
GetClassLongA
EndDeferWindowPos
BeginDeferWindowPos
GetSysColorBrush
IsChild
PostQuitMessage
GetKeyNameTextA
MapVirtualKeyA
SetRectEmpty
AppendMenuA
GetMenuStringA
GetMenuItemInfoA
GetMenuItemCount
GetNextDlgGroupItem
DestroyMenu
DestroyCursor
CreateIconIndirect
GetIconInfo
DrawStateA
TrackPopupMenuEx
GetActiveWindow
GetNextDlgTabItem
GetCursor
DrawIcon
WindowFromPoint
IsRectEmpty
GetDoubleClickTime
GetCapture
ClipCursor
InvertRect
IntersectRect
DefWindowProcA
GetClassInfoA
FrameRect
AttachThreadInput
GetForegroundWindow
SetForegroundWindow
SetWindowPos
wsprintfA
EnableWindow
GetWindowThreadProcessId
PeekMessageA
GrayStringA
DrawTextExA
TabbedTextOutA
OffsetRect
LoadIconW
SetFocus
FindWindowA
ReleaseCapture
TrackMouseEvent
SetCapture
GetAsyncKeyState
SystemParametersInfoA
DrawIconEx
IsZoomed
SetWindowTextA
IsIconic
SetWindowRgn
CreatePopupMenu
CheckMenuItem
EqualRect
SetActiveWindow
BringWindowToTop
CopyIcon
GetMessagePos
MessageBoxExA
DispatchMessageA
TranslateMessage
DrawEdge
FillRect
GetDesktopWindow
ModifyMenuA
LoadImageA
DestroyIcon
GetSystemMetrics
InflateRect
LoadBitmapW
SetCursor
GetCursorPos
ClientToScreen
SetParent
UpdateWindow
SetRect
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
EnableMenuItem
GetSubMenu
LoadMenuW
GetKeyState
MapWindowPoints
GetWindow
GetFocus
SetWindowLongA
DrawFocusRect
DrawFrameControl
CopyRect
gdi32
PatBlt
CreatePatternBrush
CreateBitmap
GetPixel
SetPixel
GetTextColor
CreateDIBitmap
GetDIBits
SetDIBits
ResetDCA
CreateRectRgnIndirect
RoundRect
DeleteDC
GetDeviceCaps
Escape
TextOutA
RectVisible
PtVisible
CreateRoundRectRgn
GetTextExtentPoint32A
GetStockObject
Rectangle
CreatePen
CreateFontIndirectA
GetObjectA
StretchBlt
DeleteObject
CreateFontA
SetPixelV
ExtTextOutA
CreateCompatibleDC
SetTextColor
SetBkColor
GetTextMetricsA
CreateSolidBrush
BitBlt
SelectObject
CreateCompatibleBitmap
EndDoc
EndPage
StartPage
Polygon
GetBkColor
GetCurrentObject
CombineRgn
ExtCreateRegion
CreateDIBSection
CreateRectRgn
Ellipse
StartDocA
FloodFill
msimg32
TransparentBlt
advapi32
CryptGetUserKey
CryptDestroyKey
CryptExportKey
CryptGetProvParam
CryptEnumProvidersA
CryptAcquireContextW
RegSetValueExA
CryptGenRandom
RegCreateKeyExA
GetUserNameA
RegQueryValueExA
CryptDecrypt
CryptReleaseContext
CryptDestroyHash
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegOpenKeyExA
shell32
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
SHBrowseForFolderA
comctl32
ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_Draw
InitCommonControlsEx
ImageList_Remove
ImageList_AddMasked
ImageList_GetImageCount
ole32
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
OleInitialize
CoBuildVersion
OleUninitialize
CoTaskMemFree
oleaut32
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocString
VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
GetErrorInfo
urlmon
URLDownloadToFileA
wsock32
setsockopt
inet_ntoa
ntohs
getsockname
gethostbyname
connect
select
__WSAFDIsSet
bind
shutdown
recv
send
getsockopt
msvcp110
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?id@?$collate@D@std@@2V0locale@2@A
?tolower@?$ctype@D@std@@QBEDD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Strxfrm
_Strcoll
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0facet@locale@std@@IAE@I@Z
??_7facet@locale@std@@6B@
??_7_Facet_base@std@@6B@
??1facet@locale@std@@MAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
gdiplus
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipSetPenColor
GdipDrawLineI
GdipAlloc
GdipFree
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillPolygon
GdiplusStartup
GdiplusShutdown
GdipDrawRectangleI
GdipCreateLineBrushFromRectI
GdipFillRectangleI
wininet
InternetOpenA
InternetConnectA
DeleteUrlCacheEntry
InternetGetLastResponseInfoA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
InternetSetOptionA
HttpQueryInfoA
HttpOpenRequestA
imm32
ImmReleaseContext
ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus
msvfw32
DrawDibOpen
DrawDibClose
DrawDibDraw
winmm
timeEndPeriod
PlaySoundA
timeSetEvent
timeKillEvent
crypt32
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptEncryptMessage
CryptEncodeObject
CryptDecryptMessage
CertCloseStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptMsgControl
CertSetCertificateContextProperty
CertNameToStrW
CryptDecodeObject
CertCreateCertificateContext
CertOpenStore
Exports
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1018KB - Virtual size: 1018KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 101KB - Virtual size: 128KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 441KB - Virtual size: 441KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ